each sheet. Replacement sheet(s) should be labeled as such in the header according to 37 CFR 1.121(d). 
1. In response to amendment filed on 14 July 2006 and Examiner Initiated Interview on 
21 September 2006, the amendment to the claims, specification, and terminal disclaimer are 
accepted. 

2. An examiner's amendment to the record is attached. Please enter entire claim set. Should 
the changes and/or additions be unacceptable to applicant, an amendment may be filed as 
provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be 
submitted no later than the payment of the issue fee. The examiner's amendment, which amends 
claim 15, was authorized by attorney of record Sean F. Parmenter in phone interview on 
21 September 2006. 

Reasons for Allowance 

3. Claims 1-10 and 12-21 are allowed over the prior art of record. 

The following is a statement of reasons for the indication of allowable subject matter: 

In interpreting the claims in light of the specification and applicant's argument, and the 
Amendment filed 7/14/2006, as well as Examiner's Amendment attached, Examiner finds the 
claimed invention is patentably distinct from the prior art of record. 

In the prior art of record, Chang introduces a mechanism for a plurality of sessions 
between a client and a server with user authentication and identification information, where 
identification information is cached in memory for subsequent connection requests. Chang in 
view of Yatsukawa introduces a processor using a public-key enciphering scheme with a 
public-key certificate. Chang in view of Yatsukawa in further view of Baskey introduces a secure 
communication channel such as SSL. 

The prior art of record, Chang in view of Yatsukawa in further view of Baskey fail to 
anticipate or render Applicant's particular feature that 

"wherein the authentication server activates the password that is inactive when the 
digital signature is verified" 

The dependent claims, being further limiting to the independent claims, defined and 
enabled by the Specification are also allowed. 

4. Any comments considered necessary by applicant must be submitted no later than the 
payment of the issue fee and, to avoid processing delays, should preferably accompany the issue 
fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for 
Allowance". 

5. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Ellen C Tran whose telephone number is 
(571) 272-3842. The examiner can normally be reached from 8:30 am to 5:00 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Jacques H. Louis-Jacques can be reached on (571) 272-6962. The fax phone number for the 
organization where this application or proceeding is assigned is (571) 273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Ellen Tran 
Patent Examiner, Technology Center 2134 
26 September 2006 

NASSER MOAZZAMI 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 

EXAMINER'S AMENDMENT: 

This listing of claims replaces all prior versions, and listings, of claims in the application: 
Listing of Claims: 

1. (Previously presented) A computer program product for a client 
computing system including a processor includes: 

code that directs the processor to request a challenge from an authentication 
server; 

code that directs the processor to receive the challenge from the authentication 
server via a secure communications channel, wherein the challenge includes at least a password 
that is inactive; 

code that directs the processor to receive user authentication data from a user; 

code that directs the processor to determine a private key and a digital certificate 
in response to the user authentication data; 

code that directs the processor to form a digital signature in response to the 
password that is inactive from the authentication server and the private key; 

code that directs the processor to communicate the digital signature to the 
authentication server, 

code that directs the processor to communicate the digital certificate to the 
authentication server, the digital certificate comprising a public key in an encrypted form; and 

code that directs the processor to communicate network user authentication data 
and the password that is inactive to the authentication server via a security server, 

wherein the authentication server activates the password that is inactive when the 
digital signature is verified, and 

wherein the codes reside on a tangible media. 

2. (Previously presented) The computer program product of claim 1 
wherein the password that is inactive remains inactivate when the authentication server does not 
verify the digital signature. 

3. (Previously presented) The computer program product of claim 1 
wherein the security server comprises a server selected from a group of servers consisting of: 
firewall server, VPN gateway server. 

4. (Original) The computer program product of claim 1 wherein code 
that directs the processor to determine the private key and the digital certificate in response to the 
user authentication data comprises code that directs the processor to determine a private key 
associated with the user when the user authentication data is correct. 

5. (Original) The computer program product of claim 4 wherein code 
that directs the processor to determine the private key and the digital certificate in response to the 
user authentication data further comprises code that directs the processor to determine a private 
key not associated with the user when the user authentication data is incorrect. 

6. (Original) The computer program product of claim 1 further 
comprising code that directs the processor to receive network user authentication data from the 
user. 

7. (Original) The computer program product of claim 1 wherein code 
that directs the processor to receive user authentication data from a user comprises code that 
directs the processor to receive user authentication data and the network authentication data from 
the user. 

8. (Previously presented) A client computing system for 
communicating with a private server includes: 

a tangible memory configured to store a key wallet, the key wallet including a 
private key associated with [[the]] a user and a digital certificate associated with [[a]] the user, 
the private key and digital certificate stored in an encrypted form; 

a processor coupled to the tangible memory, the processor configured to receive a 
challenge from an authentication server via a secure communications channel, the challenge 
comprising a password that is inactive, configured to receive user authentication data from the 
user, configured to determine a retrieved private key and a retrieved digital certificate from the 
key wallet in response to the user authentication data from the user; configured to form a digital 
signature in response to the password that is inactive from the authentication server and the 
retrieved private key, configured to communicate the digital signature to the authentication 
server, configured to communicate the digital certificate to the authentication server, and 
configured to communicate network user authentication data and the identity code to the 
authentication server via a security server, 

wherein the authentication server activates the password that is inactive when the 
digital signature is verified, and 

wherein the security server allows the client computing system to communicate 
with the private server when the password that is inactive is activated. 

9. (Original) The client computing system of claim 8 wherein the 
retrieved private key and the private key associated with the user are identical. 

10. (Original) The client computing system of claim 8 

wherein the retrieved private key and the private key associated with the user are 
different, and 

wherein when the retrieved private key and the private key associated with the 
user are different the identity code remains inactive. 

11. Canceled. 

12. (Previously presented) The client computing system of claim 8 
wherein the security server comprises a server selected from a group of servers consisting of: 
firewall server, VPN gateway server, electronic mail server, web server, database server, 
database system, application server. 

13. (Original) The client computing system of claim 8 wherein the 
tangible memory can be removed from the client computer. 

14. (Original) The client computing system of claim 8 wherein the 
processor is also configured to receive the network user authentication data from the user. 

15. (Currently amended) A client system for communicating with a remote 
server includes: 

a tangible memory configured to store key wallet program, the key wallet 
program configured to store a private key associated with a user and a digital certificate 
associated with the user in protected forms; 

means for receiving a challenge from a verification server via a secure 
communications channel, the challenge comprising at least a network password that is inactive; 

means for receiving at least a PIN from the user; 

means coupled to the tangible memory for determining a returned private key and 
a returned digital certificate from the key wallet in response to at least the PIN from the user; 

means for forming a digital signature in response to the network password 
received from the verification server and to the private key; 

means for communicating the digital certificate and the digital signature to the 
authentication server; and 

means for communicating at least the network password to a security server, 

wherein the network password is activated when the digital signature and digital 
certificate authenticate the user; and 

wherein the security server allows the client system to communicate with the 
remote server when the network password is activated. 

16. (Original) The client system of claim 15 wherein the returned private 
key and the private key associated with the user are the same. 

17. (Previously presented) The client system of claim 16 
wherein the means for determining a returned private key comprises means for 
determining the returned private key in response to the PIN from the user, and a pre-determined 
PIN, wherein when the PIN from the user and the pre-determined PIN are different, the returned 
private key is different from the private key associated with the user, wherein when the PIN from 
the user and the pre-determined PIN are the same, the returned private key is the private key 
associated with the user; 

wherein when the returned private key and the private key associated with the 
user are different the digital signature and the digital certificate do not authenticate the user. 

18. (Original) The client system of claim 15 further comprising means for 
receiving at least a network password associated with the user from the user, 

wherein the means for communicating the digital certificate and the digital 
signature to the authentication server also comprise means for communicating the network 
password associated with the user to the authentication server. 

19. (Original) The client system of claim 15 wherein the means for 
communicating the digital certificate and the digital signature to the authentication server also 
comprise means for communicating a network password associated with the user to the 
authentication server; 

the client system further comprising means for determining the network password 
associated with the user in response to at least the PIN from the user. 

20. (Previously presented) The client computing system of claim 15 
wherein the client computing system is selected from a group of devices consisting of: desktop 
computer, portable computer, PDA, wireless device. 

21. (Previously presented) The client computing system of claim 8 
wherein the password that is inactive is determined in the authentication server, 
and 

wherein the password that is inactive is not stored on the client computing system 
before receiving the challenge from the authentication server. 
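
The exchange recited in claims 1, 2, 5 and 17, as an added sketch that is not part of the office action or the application: the server issues an inactive password as the challenge, the client signs it with whatever key the wallet returns for the entered PIN, and the server activates the password only if the signature verifies. Assumptions: the names `KeyWallet`, `AuthServer` and `login`, the PIN-derived XOR mask, the enrolled-certificate list, and textbook RSA without padding over two Mersenne primes as a stand-in signature scheme.

```python
import hashlib, secrets

# Toy textbook RSA (no padding, small modulus): illustration only, assumed here.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent (Python 3.8+)

def _h(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def _mask(pin: str) -> int:
    return int.from_bytes(hashlib.sha256(b"wallet" + pin.encode()).digest(), "big")

class KeyWallet:
    """Stores the private key masked by the PIN; every PIN yields *some* key."""
    def __init__(self, pin: str):
        self.blob = D ^ _mask(pin)
        self.cert = {"user": "alice", "n": N, "e": E}   # constructed sample cert
    def open(self, pin: str):
        # Wrong PIN: no error, just a key not associated with the user (claims 5, 17).
        return self.blob ^ _mask(pin), self.cert

class AuthServer:
    def __init__(self, enrolled):
        self.enrolled = enrolled          # certificates the server trusts
        self.passwords = {}               # password -> active flag
    def challenge(self) -> str:
        pw = secrets.token_hex(8)
        self.passwords[pw] = False        # issued inactive
        return pw
    def submit(self, pw: str, sig: int, cert: dict) -> bool:
        if cert not in self.enrolled or pw not in self.passwords:
            return False
        if pow(sig, cert["e"], cert["n"]) == _h(pw.encode()):
            self.passwords[pw] = True     # activate only on a verified signature
        return self.passwords[pw]
    def is_active(self, pw: str) -> bool:
        # The check a security server (e.g. VPN gateway) makes before admitting the client.
        return self.passwords.get(pw, False)

def login(server: AuthServer, wallet: KeyWallet, pin: str) -> bool:
    pw = server.challenge()                    # inactive password as challenge
    key, cert = wallet.open(pin)               # key depends on the PIN entered
    sig = pow(_h(pw.encode()), key, N)         # sign the challenge
    server.submit(pw, sig, cert)
    return server.is_active(pw)
```
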